Take a look at your iPhone charging cable—it doesn’t matter whether it’s the new iPhone 15 USB-C version or one with a traditional Lightning connection. Such a simple accessory. You would never imagine the dangerous threat that could be hiding inside that sleek, white casing. Unfortunately, if you’re unlucky enough to come across a weaponized cable, there’s simply no way to tell.
Dubbed the world’s “most dangerous USB cable,” the OMG Cable has now been updated once again. For less than $200 online, anyone can purchase a device more akin to a sophisticated release from Q-Branch than a PayPal purchase, one that would have been restricted to intel agencies and would set back any would-be buyers able to purchase many thousands of dollars.
This innocent-looking cable can capture keystrokes, steal credentials, exfiltrate data, and even plant malware—and there’s nothing needed but the cable itself. An attacker can log directly into the tiny device from anywhere, and if you’re under an active attack, you’d almost certainly not realise it.
“Nation-state actors use a variety of techniques in highly targeted attacks to snoop on their prey and these cables act as yet another tool in their toolkit,” explains ESET’s Jake Moore. “If those in positions where they might be a high-profile target are in jeopardy, it would be recommended they never use any cable or device that isn’t authorised.”
Not the kind of device you’d expect to find for sale online—but here we are. First launched in 2019 to wide acclaim, the new OMG Elite has now delivered the kind of advancement over the original we’re more used to seeing from the hyper-fueled PC and smartphone manufacturers these cables are intended to compromise, rather than the smaller, specialist white hat supply chain.
OMG’s cables hide processing, payload, and a WiFi access point in the exact same cable casing dimensions as the originals from Apple or elsewhere. “In effect,” Forbes’ Davey Winder said of the original OMG release, “this is a mini-computer stuck in the end of a cable—it’s incredible.”
Now, the latest releases, which have not yet been publicised, push the capability much, much further. “Our newly released Elite Series unlocks some fun things,” its inventor, Mike Grover, told me this week. “We have put the OMG implant into multiple form factors since we last talked. USB-A Cables, USB-C Cables, USB-A to -C Adapters, USB Data Blockers (yes, making a data blocker malicious :D).”
The cables, which can be controlled remotely through an independent WiFi access point, have always enabled key logging to capture credentials and keystroke injection to compromise the devices and accounts they can access. Its the new release that has just added data exfiltration to the mix.